Difference between revisions of "Troubleshooting AntiVirus false positives"

From regify WIKI
Line 6: Line 6:
  
 
== known false positives ==
 
== known false positives ==
 +
'''Webroot Antivirus''' (October 2015)<br>
 +
The false positive seems on regimail. We created a support ticket and reported the false alert. No response until now.
 +
 +
'''f-secure''' (Octopber 2015)<br>
 +
f-secure does not report a virus or trojan but complains about the setup and executable of regibox (eg regibox.exe) to be some not very often used software. Sadly, this is very penetrative during setup but you can chose to continue and after the setup finished it is quiet. We reported this as a false alert to f-secure. We do not expect any reaction...
 +
 
'''AVG Antivirus''' (September 2015)<br>
 
'''AVG Antivirus''' (September 2015)<br>
 
The false positive was on ''regibox-1.2.1-3025.exe'' and also ''regify_client-4.1.2-2466.exe''. Both false positives are reported to AVG. Status pending.<br>
 
The false positive was on ''regibox-1.2.1-3025.exe'' and also ''regify_client-4.1.2-2466.exe''. Both false positives are reported to AVG. Status pending.<br>
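Review bot: the two added entries (Webroot, f-secure) do not name the affected file and build the way the unchanged AVG entry does (''regibox-1.2.1-3025.exe''); the Webroot line says only "seems on regimail" and the f-secure line gives "eg regibox.exe". Suggest stating the exact setup file name and version for each, so a reader can match the alert to the file they downloaded. In the same added lines, "Octopber" is a typo for "October", "chose" should be "choose", and "penetrative" reads as if "intrusive" was meant.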

Revision as of 13:11, 21 October 2015

Occasionally, antivirus software detects the regify client setup, or parts of it, as a virus. These are false positives.

To validate that you have the correct setup, make sure it was downloaded directly from your regify provider.

Do not trust setups that were downloaded from anywhere other than your regify provider (the one you signed on with) or directly from www.regify.com!
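One way to check the download origin of a setup file before allowing it through a virus scanner, as an added example that is not part of the regify wiki or regify's own tooling. It assumes an NTFS volume and a browser that records the download URL in the file's Zone.Identifier stream; the script name, the `-ExpectedHost` value and the optional `-ExpectedSha256` value are placeholders you fill in with what your regify provider gives you.

```powershell
# Added example (hypothetical script name: Test-SetupOrigin.ps1).
# -ExpectedHost / -ExpectedSha256 are values you obtain from your regify provider.
param(
    [Parameter(Mandatory)] [string] $Path,
    [Parameter(Mandatory)] [string] $ExpectedHost,   # placeholder, e.g. portal.example.org
    [string] $ExpectedSha256                         # optional, only if your provider publishes one
)

$file   = Get-Item -LiteralPath $Path -ErrorAction Stop
$issues = @()

# 1. Download origin: browsers store the source URL in the Zone.Identifier stream (NTFS only).
$motw    = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
$hostUrl = $motw | Where-Object { $_ -like 'HostUrl=*' } | Select-Object -First 1
if (-not $hostUrl) {
    $issues += 'No HostUrl recorded; the download origin cannot be confirmed from the file.'
} else {
    $uri = [uri]($hostUrl -replace '^HostUrl=', '')
    if ($uri.Scheme -ne 'https' -or $uri.Host -ne $ExpectedHost) {
        $issues += "Downloaded from '$uri', not from https://$ExpectedHost."
    }
}

# 2. Authenticode: an unsigned file is only reported; a broken or untrusted signature is an issue.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
if ($sig.Status -notin 'Valid', 'NotSigned') {
    $issues += "Authenticode status is $($sig.Status): $($sig.StatusMessage)"
}

# 3. Hash: compare against a value from the provider, if one was supplied.
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
if ($ExpectedSha256 -and $sha256 -ne $ExpectedSha256) {
    $issues += "SHA-256 $sha256 does not match the expected value."
}

# Summary object; OriginConfirmed is true only when none of the checks raised an issue.
[pscustomobject]@{
    File            = $file.FullName
    HostUrl         = $hostUrl -replace '^HostUrl=', ''
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    Sha256          = $sha256
    Issues          = $issues
    OriginConfirmed = ($issues.Count -eq 0)
}
```

If `OriginConfirmed` is false, download the setup again from your provider rather than creating a scanner exception for the file.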

known false positives

Webroot Antivirus (October 2015)
The false positive seems to be on regimail. We created a support ticket and reported the false alert. No response so far.

f-secure (October 2015)
f-secure does not report a virus or trojan but complains that the setup and executable of regibox (e.g. regibox.exe) are rarely used software. Sadly, this is very intrusive during setup, but you can choose to continue, and once the setup has finished it is quiet. We reported this as a false alert to f-secure. We do not expect any reaction...

AVG Antivirus (September 2015)
The false positive was on regibox-1.2.1-3025.exe and also regify_client-4.1.2-2466.exe. Both false positives have been reported to AVG. Status pending.
In order to install the regibox manager or regify client, right-click the AVG icon in the system tray next to the clock. Click Temporarily disable AVG protection and select a few minutes to install the software. Now run the downloaded regify setup. Please re-activate protection directly after successful installation. Alternatively, if the file has already been detected, you can choose to create an exception for that file.
UPDATE: We tested again on 19. October 2015 and AVG still reports a false positive. Sadly, the contained file regify_OLAddIn_x32_Setup.exe for the Outlook AddIn now also triggers a false alarm. We will report this to AVG, too.

Trend Micro (September 2015)
The false positive was on regify_client_setup-4.1.2-2466_elevated.exe. The false positive has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Now run the downloaded regify setup. Please re-activate protection directly after successful installation.

Kaspersky (February 2013)
The Kaspersky 2012 virus scanner reports a false positive for regify.dll and classifies the file as Trojan-PSW.Win32.Tepfer.gevv. The false positive was reported to Kaspersky on 25. February. The regify.dll is part of the regify client-sdk.

Trend Micro (November 2011)
The false positive was on regify_client_setup_elevated.exe and on a registry key. This is used by our MSI setup and happens directly on setup. The false positive has been reported to Trend Micro. Status is pending.
To install, please deactivate the Trend Micro virus scanner for the duration of the installation (before running the setup). To deactivate, right-click the Trend Micro symbol in your ToolTray (bottom right of the Windows desktop) and uncheck the virus scanner. Please re-activate it directly after successful installation.

Norton Internet Security (October 2011)
The false positive was on regify_client.exe. It was reported, acknowledged and confirmed by Symantec in September 2011 and seems gone now (17. October 2011).
The only way to install was to explicitly allow and accept the file in your Norton software.

Avast (July 2011)
Sometimes Avast suggests installing in the Sandbox. Simply answer this question with no and choose to run normally.

other virusscanner issues

McAfee VirusScan (May 2012)

We learned that McAfee VirusScan blocks all port 25 communication by default. By default, it allows only well-known software (Outlook) to use this port.
Here is the McAfee Knowledgebase article: KB50707
A quick validation is to temporarily disable the virus scanner for a short time while you run your tests.

Symantec Endpoint Security (March 2013)

SEP uses email proxy functionality that interferes especially with the SMTP sending features of regipay desktop and regibill desktop. We found several issues such as transmission problems, timeouts and occasional RSET commands in the data flow. To work around these issues, you need to turn off the Internet Email Auto-Protect feature.

[Image: SEP AutoProtect.jpg]

If you are not able to deactivate this, you can go to Control Panel, Programs and Features (formerly Add/Remove Programs), Symantec, Change and remove the POP3/SMTP Scanner feature.

[Image: SEP CustomSetup.jpg]